Hello,
I am at the early stages of building and testing a 2 Master directory server setup trying to work out what to do with the configuration directory server.
I initially had it set up on one server1 with server2 using this, but then if server1 goes down the console access for server2 is broken. I have been trying to replicate the netscaperoot with little success (probably down to my confusion on what to put in the 'server2.inf' and ldif files) and wondered do I really have to replicate netscaperoot? What would be the implication of each master having their own netscaperoot and not replicating?
It's quite a basic setup and we have 2 existing masters elsewhere set up like this, so if I don't need to do this I'd like to keep it simple and have 2 separate netscaperoots - even if it meant having to update 2 separate servers, though I don't believe we have had to do this on the other deployment yet.
Pointers appreciated.
J
Jason Forde wrote:
> Hello,
> I am at the early stages of building and testing a 2 Master directory server setup trying to work out what to do with the configuration directory server.
http://www.redhat.com/docs/manuals/dir-server/8.2/admin/html/Managing_Replic...
> I initially had it set up on one server1 with server2 using this, but then if server1 goes down the console access for server2 is broken. I have been trying to replicate the netscaperoot with little success (probably down to my confusion on what to put in the 'server2.inf' and ldif files) and wondered do I really have to replicate netscaperoot? What would be the implication of each master having their own netscaperoot and not replicating?
It just means that you have to connect to the console on each machine, and each console would only show the admin server and directory servers on that machine. You won't have the centralized console. When you set up replication in the console, it won't show you the other servers, you'll have to input the hostnames and ports manually. Other than that, everything should work just fine.
> It's quite a basic setup and we have 2 existing masters elsewhere set up like this, so if I don't need to do this I'd like to keep it simple and have 2 separate netscaperoots - even if it meant having to update 2 separate servers, though I don't believe we have had to do this on the other deployment yet.
> Pointers appreciated.
> J
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
On September 21, 2010 01:09:49 pm Jason Forde wrote:
> Hello,
> I am at the early stages of building and testing a 2 Master directory server setup trying to work out what to do with the configuration directory server.
> I initially had it set up on one server1 with server2 using this, but then if server1 goes down the console access for server2 is broken. I have been trying to replicate the netscaperoot with little success (probably down to my confusion on what to put in the 'server2.inf' and ldif files) and wondered do I really have to replicate netscaperoot? What would be the implication of each master having their own netscaperoot and not replicating?
> It's quite a basic setup and we have 2 existing masters elsewhere set up like this, so if I don't need to do this I'd like to keep it simple and have 2 separate netscaperoots - even if it meant having to update 2 separate servers, though I don't believe we have had to do this on the other deployment yet.
> Pointers appreciated.
When I'm setting up my MMR servers to replicate their databases (including o=netscaperoot), I usually follow the following order (off the top of my head anyhow).
1. Run setup-ds-admin.pl on one machine. (call this the master for now)
2. Set up and configure encryption on the master
3. run setup-ds.pl on any other MMR servers.
4. Set up encryption on the other MMR servers. (confirm all the servers can talk TLS/SSL to each other)
5. create the o=netscaperoot suffix on the other servers (see ldif below)
6. Configure whatever replication agreements you want for o=netscaperoot
7. init those agreements on the master (this should send o=netscaperoot to all the other servers)
8. on the other servers, run register-ds-admin.pl and register the admin server with itself (*not the master server*)
If you look on your master server's o=netscaperoot, you should see the entries for the other servers as you register them.
From what I can tell, this will allow you (with some work) to point a server's config directory to another server, but does not allow for automatic failover to another configuration server if the local instance fails.
cat ns.ldif
--------
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot
ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W -f ldif/ns.ldif
Ryan Braun Aviation and Defence Services Division Chief Information Officer Branch, Environment Canada CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558 E-Mail: Ryan.Braun@ec.gc.ca
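Steps 4 and 6 of the procedure above only protect o=netscaperoot in transit if the replication agreements actually use TLS. The following check is an added example, not code from the thread or from the 389 project: it reads an LDIF export of agreement entries and lists those that would replicate in cleartext. The sample entries, host names and agreement names are constructed.

```python
import re
# Constructed sample export of two agreement entries; names are placeholders.
SAMPLE_LDIF = '''\
dn: cn=to-server2,cn=replica,cn="o=netscaperoot",cn=mapping tree,cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaHost: server2.example.com
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL

dn: cn=to-server3,cn=replica,cn="o=netscaperoot",cn=mapping tree,
 cn=config
objectClass: nsDS5ReplicationAgreement
nsDS5ReplicaRoot: o=netscaperoot
nsDS5ReplicaHost: server3.example.com
nsDS5ReplicaPort: 389
'''
ENCRYPTED = {"ssl", "tls", "ldaps", "starttls"}  # SSL/TLS are the older spellings

def parse_ldif(text):
    """Parse LDIF into [{lowercased attr: [values]}]; base64 values are not decoded."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    entries = []
    for block in re.split(r"\n{2,}", unfolded):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def cleartext_agreements(text, suffix="o=netscaperoot"):
    """Return (dn, host, port) for agreements on `suffix` that do not use TLS."""
    findings = []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        root = e.get("nsds5replicaroot", [""])[0].lower()
        if "nsds5replicationagreement" not in classes or root != suffix:
            continue
        # A missing nsDS5ReplicaTransportInfo means plain LDAP.
        transport = e.get("nsds5replicatransportinfo", ["LDAP"])[0].lower()
        if transport not in ENCRYPTED:
            findings.append((e["dn"][0], e["nsds5replicahost"][0], e["nsds5replicaport"][0]))
    return findings

if __name__ == "__main__":
    print(cleartext_agreements(SAMPLE_LDIF))
```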
Hey Jason,
You may find this document I wrote up documenting our replication setup useful:
http://scripts.mit.edu/trac/browser/branches/fc13-dev/server/doc/install-lda...
(Scroll down to "Set up replication")
Cheers, Edward